Stories like this only confirm to me that while Zoneminder is far from perfect it was the better option for me compared to using consumer-grade options. I buy cheap ($40-$60) PoE cameras (I have some Reolink and 1-2 SV3C's I think), I immediately block their internet access by MAC address, then add them to ZoneMinder. I have 2 Wyze cameras as well but they are also only allowed to talk to ZoneMinder and I have flashed a custom firmware on them.
Google shutting down Xiaomi access to Assistant following Nest Hub picking up strangers' camera feeds [1]
>"We’re aware of the issue and are in contact with Xiaomi to work on a fix. In the meantime, we’re disabling Xiaomi integrations on our devices."
...
>It appears Google isn't taking any chances when it comes to this issue, disabling Xiaomi integrations entirely. We reached out for further confirmation that this would mean a blanket disabling of all Mi Home products and were told that is the case.
Pretty annoying they have to mess up all my other devices, but at least it's being addressed.
Huh. I'm not sure what should be the baseline of "okay" now anymore, but I wonder if this isn't worse than leaving things be. Leakage is out there anyway, and it seems likely now that it is buggy enough for a malevolent actor to find a way to spy on his neighbour. But what about those who are away from home now and really need the footage for some reason? I guess lack of this footage would be a bigger security issue for them than the chance a couple of frames will leak to somebody else.
This stuff gets me paranoid, I have a Nest doorbell, because I don't care who can look at my front lawn, and a Nest camera that only gets plugged in when no one is at the house. Other than that I have a closed circuit camera system with motioneyeos (motion activated) and a few POE cameras with no wifi and send the footage offsite.
I know it is not as convenient, but these cameras are getting scary. These are only the stories we know about. Imagine who else is watching.
What I genuinely don't understand is why do you even need them. Do they somehow deter burglars? Unlikely, unless there is hard data showing that they do. Did the US somehow degenerate into a war zone lately, because everyone managed (and still manages outside the US!) to survive without those, but Americans suddenly need those cameras? Besides, what would you even do if a. you're away from your home b. a camera detects something c. you're near your phone at the moment (which isn't given at all, you're pretty likely to be asleep or busy)? Call the cops from the other side of the world and hope they come in time? Activate claymores or giant battle robots?
How come Amazon and others apparently convinced millions of middle class Americans in the space of just a few years that they absolutely require 24/7 surveillance in and around their houses? Are you that scared of your compatriots?
Why do you need an additional nest camera if you already have a CC camera system with ethernet cameras? (Genuinely curious, because I have neither of those)
I have some cameras that are offline (no cloud integration, no internet connection) and when looking to buy a spare I noticed that all the newer and otherwise identical models only work with cloud integration. No ONVIF, no RTSP. Forcing the user's hand into sending all data into their cloud for very little convenience gained, if any.
Since it only shows stills, could it be some kind of race condition? Don't get me wrong, the major problem is of course that it has access to other people's camera feeds but since it only gains access for what seems like a moment maybe the access getting denied is raced by the update of the screen?
I don't know, why am I even thinking too deeply about this. A major company screwing up IoT. It happens way too often and there are a million ways they could do it.
Probably a race condition. I once worked at a bank where the core banking system had a bug where if you asked account data for user X it would about once in a thousand queries return data for some unrelated user Y if the system was under a high load.
The official, vendor-certified "fix" was that since the reply to this query contained the user ID, when calling this API you should always write a do-while loop like:
    do {
        accountsReply = bankCore.getAccountsForUser(myUserId)
    } while (accountsReply.userId != myUserId)
This massive, embarrassing bug was not really documented anywhere, i.e. "silent information". You just "had to know" when writing code against this API that once in a blue moon, it could return data for the wrong user. But only in production, since the test environment was never under such heavy load it could trigger the race.
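Added example, not part of the original comment and not the bank's or vendor's code: the same "check the user ID in the reply" idea written as a guard that retries a bounded number of times, reports every mismatch, and fails closed instead of looping forever. FlakyCore, fetch_accounts, ReplyMismatch and the sample account data are hypothetical names and values constructed for the illustration.

```python
import logging

log = logging.getLogger("core_guard")

class ReplyMismatch(Exception):
    """Backend kept answering for a different user; the caller must fail closed."""

class FlakyCore:
    """Constructed stand-in for the buggy backend: on the call numbers listed
    in bad_calls it answers with another user's record."""
    def __init__(self, accounts, bad_calls):
        self.accounts, self.bad_calls, self.calls = accounts, set(bad_calls), 0

    def get_accounts_for_user(self, user_id):
        self.calls += 1
        if self.calls in self.bad_calls:
            other = next(u for u in self.accounts if u != user_id)
            return {"userId": other, "accounts": self.accounts[other]}
        return {"userId": user_id, "accounts": self.accounts[user_id]}

def fetch_accounts(core, user_id, max_attempts=3, on_mismatch=None):
    """Return a reply only if it is bound to the requested user.
    Each mismatch is logged (without the foreign record's contents) and
    reported to on_mismatch so the leak is visible to monitoring."""
    for attempt in range(1, max_attempts + 1):
        reply = core.get_accounts_for_user(user_id)
        if reply.get("userId") == user_id:
            return reply
        log.warning("reply/user mismatch attempt=%d requested=%s", attempt, user_id)
        if on_mismatch:
            on_mismatch(user_id, attempt)
    # The mismatched replies are never returned, cached or forwarded.
    raise ReplyMismatch(f"no reply bound to {user_id} after {max_attempts} attempts")

def demo():
    data = {"u1": ["ACC-001"], "u2": ["ACC-002"]}  # constructed sample data
    seen = []
    core = FlakyCore(data, bad_calls={1})          # first reply is for the wrong user
    ok = fetch_accounts(core, "u1", on_mismatch=lambda u, a: seen.append((u, a)))
    always_bad = FlakyCore(data, bad_calls={1, 2, 3})
    try:
        fetch_accounts(always_bad, "u1")
        failed_closed = False
    except ReplyMismatch:
        failed_closed = True
    return ok, seen, failed_closed
```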
This is all because of NAT. I bet that to bypass it they have various servers where your cameras connect to and the image is streamed through them when you use your app to view it. When you're connecting you just see the last frame stored that previous user was viewing. Their fix probably will be to just delay the app display so it is not showing this.
Anyone that thinks that cameras that are connected to "the cloud" don't give the company access to them is an idiot.
How could this be a race condition? If you ask for a specific stream channel why would you get other stream channels? Even if it's for a thumbnail preview, the software behind this has to be a clusterfuck to begin with
We recently got a roborock for Christmas, which I love btw. From what I recall some of the features of the app still say they're in beta, and they made it very clear. I'm not saying it makes it okay, but I'm curious if this is part of the issue.
What bugs me is having to add a new app integration to my Home every time someone buys us a smart device or light. A few cheaper brands I returned immediately after seeing how janky the app and setup were, and also because I wanted to minimize the number of integrations when possible.
The fact that most of the images are distorted in some way seems significant. Perhaps faulty firmware was sent out?
I know someone who programmed cheap Chinese GPRS printers used in food ordering, he messed up his deployment script and gave every device the same ID - a special test ID that would return every single order no matter which take-away it was destined for. So basically, every order went to every take-away.
This screams of a lack of firmware QA more than anything else.
joshstrange | 6 years ago
dirtyid | 6 years ago
[1] https://www.androidpolice.com/2020/01/02/uh-oh-xiaomi-camera...
krick | 6 years ago
siffland | 6 years ago
tuxxy | 6 years ago
This is extremely selfish. What about your neighbors who walk/drive by your front lawn? You're doing your neighborhood a surveillance disservice.
lambdadmitry | 6 years ago
It's even more puzzling than gun worship tbh
prox | 6 years ago
jannes | 6 years ago
close04 | 6 years ago
olodus | 6 years ago
vesinisa | 6 years ago
takeda | 6 years ago
jdmg94 | 6 years ago
Pigo | 6 years ago
DoubleGlazing | 6 years ago
dlgeek | 6 years ago
jdhawk | 6 years ago